<?php
include('include/init.php');



$do_array = array('login','logout','password');
if (!in_array($_REQUEST['do'],$do_array))
{
    $_REQUEST['do'] = $do_array[0];
}




if ($_REQUEST['do'] == 'login')
{
    $template_array = array('home','login','redirect');
    $template = new Template($template_array);
    $core->clean(array('username','password'),'POST');
    if ($_POST['submit'])
    {
        $query = 'SELECT
                    user.userid,
                    user.active,
                    user.salt
                  FROM `'.TABLEPREFIX.'user` AS user
                  WHERE user.username=:username
                    AND user.password=MD5(CONCAT(MD5(:password),user.salt))';
        $core->db->prepare($query);
        $core->db->bind('username',$core->cleaned('username'),Database::PARAM_STR);
        $core->db->bind('username',$core->cleaned('password'),Database::PARAM_STR);
        $core->db->execute();
        $array = $core->db->fetchAll();
        $core->db->free();

        $loginerror = FALSE;
        if (!$array[0]['userid'])
        {
            $loginerror = TRUE;
            $template->set('login','loginerror_username',$language->get('loginerror_username_wronglogin'));
        }
        elseif (!$array[0]['active'])
        {
            $loginerror = TRUE;
            $template->set('login','loginerror_username',$language->get('loginerror_username_inactive'));
        }
        elseif ($array[0]['active'] == 2)
        {
            $loginerror = TRUE;
            $template->set('login','loginerror_username',$language->get('loginerror_username_banned'));
        }


        if ($loginerror)
        {
            $template->set('login','lang_username',$language->get('username'));
            $template->set('login','lang_password',$language->get('password'));
            $template->set('login','lang_login',$language->get('login'));

            $template->set('home','setting_lang',$language->get('shortname'));
            $template->set('home','pagetitle',$core->get('pagetitle'));
            $template->set('home','content',$template->get('login'));
            $template->out('home');
        }
        else
        {
            $session->set('username',$core->cleaned('username'));
            $session->set('password',md5(md5($core->cleaned('password')).$array[0]));
            $session->set('userid',$core->cleaned('userid'));
            $session->write();

            $template->set('redirect','url',$session->generateURL('index.php'));
            $template->set('redirect','lang_redirect',$language->get('redirect'));
            $template->set('redirect','message',sprintf($language->get('login_successful'),$core->cleaned('username')));
             
            $template->set('home','setting_lang',$language->get('shortname'));
            $template->set('home','pagetitle',$core->get('pagetitle'));
            $template->set('home','content',$template->get('redirect'));
            $template->out('home');
        }
    }
    else
    {
        $template->set('login','loginerror_username','');
        $template->set('login','lang_username',$language->get('username'));
        $template->set('login','lang_password',$language->get('password'));
        $template->set('login','lang_login',$language->get('login'));

        $template->set('home','setting_lang',$language->get('shortname'));
        $template->set('home','pagetitle',$core->get('pagetitle'));
        $template->set('home','content',$template->get('login'));
        $template->out('home');
    }
}





if ($_REQUEST['do'] == 'logout')
{
    $template->set('redirect','url',$session->generateURL('index.php'));
    $template->set('redirect','lang_redirect',$language->get('redirect'));
    $template->set('redirect','message',$language->get('logout_successful'));

    $template->set('home','setting_lang',$language->get('shortname'));
    $template->set('home','pagetitle',$core->get('pagetitle'));
    $template->set('home','content',$template->get('redirect'));
    $template->out('home');
}





if ($_REQUEST['do'] == 'requestlogin')
{
    $template_array = array('home','requestlogin','redirect');
    $template = new Template($template_array);
    $core->clean(array('username','email'),'POST');
    if ($_POST['submit'])
    {
        if (!$core->cleaned('email'))
        {
            $requestloginerror = TRUE;
            $template->set('requestlogin','lang_requestloginerror_email',$language->get('requestloginerror_email_missing'));
        }
        else
        {
            $template->set('requestlogin','lang_requestlogin_email','');
        }

        if (!$requestloginerror)
        {
            $query = 'SELECT
                        user.userid
                      FROM `'.TABLEPREFIX.'user` AS user
                      WHERE user.email=:email
                      LIMIT 1';
            $core->db->prepare($query);
            $core->db->bind('email',$core->cleaned('email'),Database::PARAM_STR);
            $core->db->execute();
            $array = $core->db->fetchAll();
            $core->db->free();

            if (!$array[0]['userid'])
            {
                $requestloginerror = TRUE;
                $template->set('requestlogin','lang_requestloginerror_email',$language->get('requestloginerror_user_not_found'));
            }
        }


        if ($requestloginerror)
        {
            $template->set('requestlogin','lang_email',$language->get('email'));
            $template->set('requestlogin','lang_requestlogin',$language->get('requestlogin'));
            $template->set('requestlogin','request_email',$core->cleaned('email'));

            $template->set('home','setting_lang',$language->get('shortname'));
            $template->set('home','pagetitle',$core->get('pagetitle'));
            $template->set('home','content',$template->get('requestlogin'));
            $template->out('home');
        }
        else
        {
            $randarray = range('!','~');
            shuffle($randarray);
            $randpass = substr(md5(implode('',$randarray)),0,10);
            $pass = $core->createPassword($randpass);

            $query = 'REPLACE INTO `'.TABLEPREFIX.'datastorage`
	                  (
	                  	name,
	                  	identifier,
	                  	value
	                  )
	                  VALUES
	                  (
	                    "newpassword",
	                    :identifier1,
	                    :value1
	                  )';
            $core->db->prepare($query);
            $core->db->bind('identifier1',$array[0]['userid'],Database::PARAM_INT);
            $core->db->bind('value1',serialize($randpass),Database::PARAM_STR);
            $core->db->execute();
            $core->db->free();


            $url = $session->generateURL('register.php',array('do' => 'newpassword','username' => $core->cleaned('username'),'oldpassword' => $randpass));
            $subject = sprintf($language->get('requestloginmail_subject'),$core->get('name'));
            $body = sprintf($language->get('requestloginmail_body'),$core->cleaned('username'),$core->get('pagetitle'),$url);
            mail($core->cleaned('email'),$subject,$body,$core->get('requestloginmail_header'));
            unset($url,$subject,$body);
             
            $template->set('redirect','url',$session->generateURL('index.php'));
            $template->set('redirect','lang_redirect',$language->get('redirect'));
            $template->set('redirect','message',$language->get('requestlogin_successful'));

            $template->set('home','setting_lang',$language->info('shortname'));
            $template->set('home','pagetitle',$core->get('pagetitle'));
            $template->set('home','content',$template->get('redirect'));
            $template->out('home');
        }
    }
    else
    {
        $template->set('requestlogin','lang_username',$language->get('username'));
        $template->set('requestlogin','lang_email',$language->get('email'));
        $template->set('requestlogin','lang_requestlogin',$language->get('requestlogin'));
        $template->set('requestlogin','request_username',$core->cleaned('username'));
        $template->set('requestlogin','request_email',$core->cleaned('email'));
        $template->set('requestlogin','lang_requestloginerror_username','');
        $template->set('requestlogin','lang_requestloginerror_email','');

        $template->set('home','setting_lang',$language->info('shortname'));
        $template->set('home','pagetitle',$core->get('pagetitle'));
        $template->set('home','content',$template->get('requestlogin'));
        $template->out('home');
    }
}
?>